phoenixfd_demo_20000_maya2013.5_vray_20_x64.exe

This is a setup program used to install the application. The file has been observed being downloaded from download2.chaosgroup.com.
MD5:
6fe205c6900ce0a1366fa115a93b88b7

SHA-1:
31a2d0515b144fc194aed313efc6795f7de29a13

SHA-256:
a1c07c9ad5f4ef40ab266e610737105191ea52139954126b2ded157d181dc690

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 6:03:49 PM UTC

File size:
12.2 MB (12,844,157 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\phoenixfd_demo_20000_maya2013.5_vray_20_x64.exe

File PE Metadata
Compilation timestamp:
10/22/2012 8:14:50 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
393216:OnbiqyDPEoChv0ZwUr+xc00feun9xv8OtbFQaU:RY0Eufrn9CepQj

Entry address:
0x28D44

Entry point:
48, 83, EC, 28, E8, 37, 8A, 00, 00, 48, 83, C4, 28, E9, 56, FE, FF, FF, CC, CC, 33, D2, 44, 8D, 42, 0A, E9, 59, 8D, 00, 00, CC, 40, 53, 48, 83, EC, 20, 48, 8B, D9, 48, 8D, 4C, 24, 30, FF, 15, 80, B5, 01, 00, 48, 8B, 54, 24, 30, 48, 83, C9, FF, 49, BB, 00, 80, C1, 2A, 21, 4E, 62, FE, 48, B8, BD, 42, 7A, E5, D5, 94, BF, D6, 49, 03, D3, 48, F7, E2, 48, B8, FF, 6F, 40, 93, 07, 00, 00, 00, 48, C1, EA, 17, 48, 3B, D0, 48, 0F, 4F, D1, 48, 85, DB, 74, 03, 48, 89, 13, 48, 8B, C2, 48, 83, C4, 20, 5B, C3, CC, CC, CC...
 

Entropy:
7.9702  (probably packed)

Code size:
267.5 KB (273,920 bytes)

The file phoenixfd_demo_20000_maya2013.5_vray_20_x64.exe has been seen being distributed by the following URL.